This is how Pokemon GO BOT steals your passwords and personal details
Thanks to Dave Myers for making this article on security for us*
Everyone’s worried about security these days. Its on the news all the time that this company got hacked, or that company got a virus on all their computers. Its pretty much a daily topic in the twenty first century to even think about getting hacked. Passwords are getting more difficult, while the availability of usernames continues to disappear.
So why am I dragging on about security of the real world when this website writes primarily about Pokemon Go? With Pokemon Go comes about 65% of us using our Gmail accounts with the game. Our Gmail accounts are fairly important for about another 35% of that. We use them on a daily basis. Some of us make purchases, whether it be with the electronic credit cards built into our phones or on the Google Play Store. We use these accounts with everything on our Android devices. These Gmail accounts could basically tell a life story of the owners, and generally that’s not something you think about.
Let’s think about these Pokemon Go Bots for a moment. Did you ever stop to think before putting your Gmail account information into it? I bet 90% of you that use Gmail to login to your Pokemon Go accounts didn’t even take a second thought. Just typed it in and went on your way to botting.
What if I told you that Niantic and these bots have NO protection on your account information when it comes to logging into the game? NONE! The Gmail email and password are saved, used and read as plainly as this article. Check the video below and you’ll see exactly how someone could steal your account information using a Pokemon Go bot.
Didn’t think about that did you? I bet you didn’t. I’m sure not all BOTS are like that but I’m sure there is a good handful of them that could send and save your information as easily as shown in the video. Sure, I used a simple child like method of programming in a SMTP server, but even then, that’s how easy it is! Why over complicate? Niantic would be smart to force encrypt this stuff. Its something they don’t do. Have it encrypted before it gets sent to the server. Bot creators could get smarter and encrypt this info in the files as well, but we’ll just have to wait and see how this pans out. Niantic has had a bumpy start with Pokemon Go, but that’s another write up for another day.